
NIST 800-63B



NIST Special Publication 800-63B is a digital identity guideline that provides recommendations on types of authentication processes that may be used at various Authenticator Assurance Levels (AALs). It applies to the digital authentication of subjects to systems over a network. The version used for this section is NIST 800-63B.


5_1_1_2. Memorized secret verifiers
    127. Store hashed passwords
    132. Passphrases with at least 4 words
    134. Store passwords with salt
    135. Passwords with random salt
    139. Set minimum OTP length
    332. Prevent the use of breached passwords
    333. Store salt values separately
    334. Avoid knowledge-based authentication

5_1_3_2. Out-of-band verifiers
    335. Define out of band token lifespan

5_1_4_2. Single-factor OTP verifiers
    140. Define OTP lifespan

5_2_3. Use of biometrics
    231. Implement a biometric verification component

5_2_5. Verifier impersonation resistance
    088. Request client certificates

5_2_8. Replay resistance
    030. Avoid object reutilization

6_1_1. Binding at enrollment
    136. Force temporary password change
    137. Change temporary passwords of third parties
    367. Proper generation of temporary passwords

7_1. Session bindings
    025. Manage concurrent sessions
    028. Allow users to log out
    030. Avoid object reutilization
    031. Discard user session data
    329. Keep client-side storage without sensitive data

7_1_1. Browser cookies
    029. Cookies with security attributes